ZPSM Managed Security
FairCo Security Manager
The FairCo Security Manager (ZPSM) provides defensive network capabilities that far exceed those imposed by today’s regulatory requirements. A network protected by the ZPSM will pass any PCI scan, and will defeat most inbound and outbound threats. The ZPSM is comprised of four core modules tied together with a powerful console that delivers advanced reporting, real time alerting, and effective correlation capabilities. Any network protected by the ZPSM will have a significantly reduced overall risk profile.
An overview of the ZPSM’s modules are provided below:
ZPSM Core Modules Overview:
Host Intrusion Prevention System (HIPS)
The ZPSM offers two modes of HIPS which are agent driven and agentless. In an agent driven configuration, software HIPS agents are deployed on servers and desktops alike. In an agentless configuration the HIPS technology monitors switches, routers, firewalls and other devices. In both cases the HIPS monitors the hosts for file integrity changes, root kit or back door technology, rogue processes, access to the host, logs and more. In addition to performing monitoring, the ZPSM also performs security audits against the host on a regular basis. The HIPS module is reactive in that it will respond to and defeat threats by killing processes, blocking network traffic, and even suspending accounts if required. In the event that an attack is detected the ZPSM can instruct all or just one host to block the offending source.
Network Intrusion Prevention (NIP)
The ZPSM delivers advanced network defenses by tapping into and watching all inbound and outbound network traffic. This module is ideal for detecting inbound or outbound network threats, worms, data leaks, security risks, and much more. If the ZPSM detects a network-based threat, it reacts by temporarily or permanently blocking the offending source. This module is capable of interacting with firewalls and routers for the purposes of blocking or re-routing offending network traffic.
Web Application Firewall (WAF)
The ZPSM protects Web Applications with its Web Application Firewall module. This module filters all web page access to and from a predefined set of web servers. If the traffic violates an ZPSM policy then the traffic is prevented from reaching its destination. This module is ideal for preventing the loss of sensitive customer data and is recommended by the Payment Card Industry (PCI).
Log Storage and Analysis (LSA)
System logs from any network-connected device can be sent to the ZPSM over syslog UDP port 514. The ZPSM will automatically analyze the logs and detect events that represent security risks, broken configurations, logon or logoff events, etc. This module can also be used to store logs for auditing purposes.
Centralized Monitoring, Alerting and Event Management.
The ZPSM uses a powerful web based console that collects information reported by the four core modules. When an event is reported it is automatically correlated against all other events from other modules. Special automated alerting rules can be configured to send email notifications, execute system commands, sound audible alarms, and more. The web-based console is highly configurable and designed to be very intuitive.
FairCo Staff Augmentation (ZPSA)
It takes an expert to understand the events reported by a system like the ZPSM; and not everyone has security experts on staff. That is why we offer our customers the ZPSA. This service not only provides our customers with ZPSM monitoring and support but also enables our customers to use our security experts as an extension of their IT staff. Examples of ZPSA use are, policy review, pre purchase technology and software evaluation, vendor evaluation, penetration tests, vulnerability assessments, incident response, etc.